package com.situ.day1;

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import org.junit.Test;

public class SQLZhuRu {  //Statement
	@Test
	public void testUpdate1() {
	   Connection connection = null;
	   Statement statement = null;
	   ResultSet resultSet = null;
	   String name = "cdhzv' OR 1=1 -- y";
	   String pasword = "554252";
	   try {
	     //2、获得连接对象Connection
	     connection = JDBCUtilEnd.getConnection();
	     //3、写sql语句
	     //String sql = "update student set age=age+8 where id=1;";
	     //String sql = "insert into student(name,age,gender) values('yyyy',30,'男');";
	     String sql = "Select * from user where name = '"+name +"' and passeord ='"+pasword+"';";
	     //4、创建Statement
	     statement = connection.createStatement();
//	     PreparedStatement
//	           预 编译 、效率高、防止sql注入
	     //5、执行sql语句
	     //     更新类(更新了表里面数据)：delete/update/insert      executeUpdate()   返回值int:表示你影响的行数

	     //     查询(没有改变表里面数据)：select                    executeQuery()     返回结果集：ResultSet
	    resultSet = statement.executeQuery(sql);
	    while (resultSet.next()) {
			System.out.println("登陆成功");
		}
	   } catch (SQLException e) {
	     e.printStackTrace();
	   } finally {
	     //6、关闭连接
	      JDBCUtilEnd.close(connection, statement, null);
	   }

	}
	
	
	// ------------------------------------------------------------------
	@Test
	public void test1() {
	   Connection connection = null;
	   java.sql.PreparedStatement preparedStatement = null;
	   ResultSet resultSet = null;
	 
	   try {
	     //2、获得连接对象Connection
	     connection = JDBCUtilEnd.getConnection();
	     //3、写sql语句
	     //String sql = "update student set age=age+8 where id=1;";
	     //String sql = "insert into student(name,age,gender) values('yyyy',30,'男');";
	     String sql = "select * from user where name =? and password =?";
	     
	     //4、创建Statement
	    preparedStatement = connection.prepareStatement(sql);
	    preparedStatement.setString(1, "张三");
	    preparedStatement.setString(2, "123");
	    
//	     PreparedStatement
//	           预 编译 、效率高、防止sql注入
	     //5、执行sql语句
	     //     更新类(更新了表里面数据)：delete/update/insert      executeUpdate()   返回值int:表示你影响的行数

	     //     查询(没有改变表里面数据)：select                    executeQuery()     返回结果集：ResultSet
	    resultSet = preparedStatement.executeQuery();
	    while (resultSet.next()) {
	    	String name = resultSet.getString("name");
	    	String password = resultSet.getString("password");
			System.out.println("登陆成功");
		}
	   } catch (SQLException e) {
	     e.printStackTrace();
	   } finally {
	     //6、关闭连接
	      JDBCUtilEnd.close(connection, preparedStatement, null);
	   }
	}
}
